1*4882a593SmuzhiyunFrom 17e5c8d32abc214aea408f0837be41e88bce7eb2 Mon Sep 17 00:00:00 2001 2*4882a593SmuzhiyunFrom: Jackie Huang <jackie.huang@windriver.com> 3*4882a593SmuzhiyunDate: Wed, 16 Aug 2017 13:37:40 +0800 4*4882a593SmuzhiyunSubject: [PATCH] vlock: add new recipe 5*4882a593Smuzhiyun 6*4882a593SmuzhiyunUpstream-Status: Pending 7*4882a593Smuzhiyun 8*4882a593Smuzhiyunwritten by: Jeff Polk <jeff.polk@windriver.com> 9*4882a593SmuzhiyunSigned-off-by: Jackie Huang <jackie.huang@windriver.com> 10*4882a593Smuzhiyun 11*4882a593Smuzhiyun--- 12*4882a593Smuzhiyun Makefile | 4 ++++ 13*4882a593Smuzhiyun configure | 9 +++++++++ 14*4882a593Smuzhiyun src/vlock-main.c | 8 ++++++++ 15*4882a593Smuzhiyun 3 files changed, 21 insertions(+) 16*4882a593Smuzhiyun 17*4882a593Smuzhiyundiff --git a/Makefile b/Makefile 18*4882a593Smuzhiyunindex 4eeb42a..834cd2c 100644 19*4882a593Smuzhiyun--- a/Makefile 20*4882a593Smuzhiyun+++ b/Makefile 21*4882a593Smuzhiyun@@ -126,6 +126,10 @@ ifeq ($(AUTH_METHOD),shadow) 22*4882a593Smuzhiyun vlock-main : override LDLIBS += $(CRYPT_LIB) 23*4882a593Smuzhiyun endif 24*4882a593Smuzhiyun 25*4882a593Smuzhiyun+ifneq ($(ENABLE_FAIL_COUNT),yes) 26*4882a593Smuzhiyun+vlock-main.o : override CFLAGS += -DNO_FAIL_COUNT 27*4882a593Smuzhiyun+endif 28*4882a593Smuzhiyun+ 29*4882a593Smuzhiyun ifeq ($(ENABLE_PLUGINS),yes) 30*4882a593Smuzhiyun vlock-main: plugins.o plugin.o module.o process.o script.o tsort.o list.o 31*4882a593Smuzhiyun # -rdynamic is needed so that the all plugin can access the symbols from console_switch.o 32*4882a593Smuzhiyundiff --git a/configure b/configure 33*4882a593Smuzhiyunindex d5d84d6..1303598 100755 34*4882a593Smuzhiyun--- a/configure 35*4882a593Smuzhiyun+++ b/configure 36*4882a593Smuzhiyun@@ -44,6 +44,7 @@ Optional Features: 37*4882a593Smuzhiyun --enable-shadow enable shadow authentication [disabled] 38*4882a593Smuzhiyun --enable-root-password enable unlogging with root password [enabled] 39*4882a593Smuzhiyun --enable-debug enable debugging 40*4882a593Smuzhiyun+ --enable-fail-count enable failed login attempt summary [enabled] 41*4882a593Smuzhiyun 42*4882a593Smuzhiyun Additional configuration: 43*4882a593Smuzhiyun --with-scripts=SCRIPTS enable the named scripts [] 44*4882a593Smuzhiyun@@ -78,6 +79,9 @@ enable_feature() { 45*4882a593Smuzhiyun root-password) 46*4882a593Smuzhiyun ENABLE_ROOT_PASSWORD="$2" 47*4882a593Smuzhiyun ;; 48*4882a593Smuzhiyun+ fail-count) 49*4882a593Smuzhiyun+ ENABLE_FAIL_COUNT="$2" 50*4882a593Smuzhiyun+ ;; 51*4882a593Smuzhiyun pam|shadow) 52*4882a593Smuzhiyun if [ "$2" = "yes" ] ; then 53*4882a593Smuzhiyun if [ -n "$auth_method" ] && [ "$auth_method" != "$1" ] ; then 54*4882a593Smuzhiyun@@ -228,6 +232,7 @@ set_defaults() { 55*4882a593Smuzhiyun AUTH_METHOD="pam" 56*4882a593Smuzhiyun ENABLE_ROOT_PASSWORD="yes" 57*4882a593Smuzhiyun ENABLE_PLUGINS="yes" 58*4882a593Smuzhiyun+ ENABLE_FAIL_COUNT="yes" 59*4882a593Smuzhiyun SCRIPTS="" 60*4882a593Smuzhiyun 61*4882a593Smuzhiyun VLOCK_GROUP="vlock" 62*4882a593Smuzhiyun@@ -353,6 +358,10 @@ MODULES = ${MODULES} 63*4882a593Smuzhiyun # which scripts should be installed 64*4882a593Smuzhiyun SCRIPTS = ${SCRIPTS} 65*4882a593Smuzhiyun 66*4882a593Smuzhiyun+# display a summary of failed authentication attempts after successfully 67*4882a593Smuzhiyun+# unlocking? 68*4882a593Smuzhiyun+ENABLE_FAIL_COUNT = ${ENABLE_FAIL_COUNT} 69*4882a593Smuzhiyun+ 70*4882a593Smuzhiyun # root's group 71*4882a593Smuzhiyun ROOT_GROUP = ${ROOT_GROUP} 72*4882a593Smuzhiyun 73*4882a593Smuzhiyundiff --git a/src/vlock-main.c b/src/vlock-main.c 74*4882a593Smuzhiyunindex 008f6f0..108ce8b 100644 75*4882a593Smuzhiyun--- a/src/vlock-main.c 76*4882a593Smuzhiyun+++ b/src/vlock-main.c 77*4882a593Smuzhiyun@@ -112,7 +112,9 @@ static void restore_terminal(void) 78*4882a593Smuzhiyun (void) tcsetattr(STDIN_FILENO, TCSANOW, &old_term); 79*4882a593Smuzhiyun } 80*4882a593Smuzhiyun 81*4882a593Smuzhiyun+#ifdef ENABLE_FAIL_COUNT 82*4882a593Smuzhiyun static int auth_tries; 83*4882a593Smuzhiyun+#endif /* ENABLE_FAIL_COUNT */ 84*4882a593Smuzhiyun 85*4882a593Smuzhiyun static void auth_loop(const char *username) 86*4882a593Smuzhiyun { 87*4882a593Smuzhiyun@@ -182,7 +184,9 @@ static void auth_loop(const char *username) 88*4882a593Smuzhiyun } 89*4882a593Smuzhiyun #endif 90*4882a593Smuzhiyun 91*4882a593Smuzhiyun+#ifdef ENABLE_FAIL_COUNT 92*4882a593Smuzhiyun auth_tries++; 93*4882a593Smuzhiyun+#endif /* ENABLE_FAIL_COUNT */ 94*4882a593Smuzhiyun } 95*4882a593Smuzhiyun 96*4882a593Smuzhiyun /* Free timeouts memory. */ 97*4882a593Smuzhiyun@@ -190,11 +194,13 @@ static void auth_loop(const char *username) 98*4882a593Smuzhiyun free(prompt_timeout); 99*4882a593Smuzhiyun } 100*4882a593Smuzhiyun 101*4882a593Smuzhiyun+#ifdef ENABLE_FAIL_COUNT 102*4882a593Smuzhiyun void display_auth_tries(void) 103*4882a593Smuzhiyun { 104*4882a593Smuzhiyun if (auth_tries > 0) 105*4882a593Smuzhiyun fprintf(stderr, "%d failed authentication %s.\n", auth_tries, auth_tries > 1 ? "tries" : "try"); 106*4882a593Smuzhiyun } 107*4882a593Smuzhiyun+#endif /* ENABLE_FAIL_COUNT */ 108*4882a593Smuzhiyun 109*4882a593Smuzhiyun #ifdef USE_PLUGINS 110*4882a593Smuzhiyun static void call_end_hook(void) 111*4882a593Smuzhiyun@@ -217,7 +223,9 @@ int main(int argc, char *const argv[]) 112*4882a593Smuzhiyun if (username == NULL) 113*4882a593Smuzhiyun fatal_perror("vlock: could not get username"); 114*4882a593Smuzhiyun 115*4882a593Smuzhiyun+#ifdef ENABLE_FAIL_COUNT 116*4882a593Smuzhiyun ensure_atexit(display_auth_tries); 117*4882a593Smuzhiyun+#endif /* ENABLE_FAIL_COUNT */ 118*4882a593Smuzhiyun 119*4882a593Smuzhiyun #ifdef USE_PLUGINS 120*4882a593Smuzhiyun for (int i = 1; i < argc; i++) 121